Merge branch 'master' into config-doc-descriptions

docs/extensions/settings/tests.md

@@ -16,15 +16,6 @@ You need a working installation of [the Go programming language](https://golang.
 
 Make sure you've cloned the [web frontend repo](https://github.com/owncloud/web/) and the [infinite scale repo](https://github.com/owncloud/ocis/) next to each other. If your file/folder structure is different, you'll have to change the paths below accordingly.
 
-{{< hint info >}}
-For now, an IDP configuration file gets generated once and will fail upon changing the oCIS url as done below. To avoid any clashes, remove this file before starting the tests:
-
-```bash
-rm ~/.ocis/idp/identifier-registration.yaml
-```
-
-{{< /hint >}}
-
 ### In the web repo
 
 #### **Optional:** Build web to test local changes

docs/ocis/deployment/basic-remote-setup.md

@@ -19,12 +19,6 @@ Initialize the oCIS configuration by running `./bin/ocis init`.
 
 Upon first start of the oCIS fullstack server with `./bin/ocis server` it will generate a directory tree skeleton in `$HOME/.ocis`. If that is already existing it will not be overwritten as it contains all relevant data for oCIS.
 
-In `$HOME/.ocis/idp` is a file `identifier-registration.yaml`. It is used to configure the built-in identity provider and therefore contains the OpenID Connect issuer and also information about relying parties, for example ownCloud Web and our desktop and mobile applications.
-
-{{< hint warning >}}
-The `identifier-registration.yaml` file will only be generated if it does not exist yet. If you want to change certain environment variables like `OCIS_URL`, please delete this file first before doing so. Otherwise your changes will not be applied correctly and you will run into errors.
-{{< /hint >}}
-
 For the following examples you need to have the oCIS binary in your current working directory, we assume it is named `ocis` and it needs to be marked as executable. See [Getting Started]({{< ref "../getting-started/#binaries" >}}) for where to get the binary from.
 
 ### Using automatically generated certificates

docs/ocis/deployment/bridge.md

@@ -204,15 +204,6 @@ export IDP_LDAP_NAME_ATTRIBUTE=givenName
 ```
 Don't forget to use an existing user with admin permissions (only admins are allowed to list all users via the graph api) and the correct password.
 
-{{< hint warning >}}
-* TODO: change the default values in glauth & ocis to use an `ownclouduuid` attribute.
-* TODO: split `OCIS_URL` and `IDP_ISS` env vars and use `OCIS_URL` to generate the clients in the `identifier-registration.yaml`.
-{{< /hint >}}
-
-### Configure clients
-
-When the `identifier-registration.yaml` does not exist it will be generated based on the `OCIS_URL` environment variable.
-
 #### Run it!
 
 You can now bring up `ocis/bin/ocis idp` with:
@@ -276,7 +267,7 @@ $ bin/web server --web-config-server https://cloud.example.com --oidc-authority
 - `--web-config-server https://cloud.example.com` is ownCloud url with webdav and ocs endpoints (oc10 or ocis)
 - `--oidc-authority https://192.168.1.100:9130` the openid connect issuing authority, in our case `oidc-idp`, running on port 9130
 - `--oidc-metadata-url https://192.168.1.100:9130/.well-known/openid-configuration` the openid connect configuration endpoint, typically the issuer host with `.well-known/openid-configuration`, but there are cases when another endpoint is used, e.g. ping identity provides multiple endpoints to separate domains
-- `--oidc-client-id ocis` the client id we will register later with `ocis-idp` in the `identifier-registration.yaml`
+- `--oidc-client-id ocis` the client id we will register later with `ocis-idp` in idp OIDC client settings
 
 ### Patch owncloud
 
@@ -324,4 +315,4 @@ In the above configuration replace
 
 Aside from the above todos these are the next steps
 - tie it all together behind `ocis-proxy`
-- create an `ocis bridge` command that runs all the ocis services in one step with a properly preconfigured `ocis-idp` `identifier-registration.yaml` file for `ownCloud Web` and the owncloud 10 `openidconnect` app, as well as a randomized `--signing-kid`.
+- create an `ocis bridge` command that runs all the ocis services in one step with a properly preconfigured idp OIDC client `ocis-idp` for `ownCloud Web` and the owncloud 10 `openidconnect` app, as well as a randomized `--signing-kid`.

docs/ocis/deployment/ocis_keycloak.md

@@ -72,16 +72,6 @@ See also [example server setup]({{< ref "preparing_server" >}})
   OCIS_DOMAIN=
   # ownCloud Web openid connect client id. Defaults to "ocis-web"
   OCIS_OIDC_CLIENT_ID=
-  # IDP LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "idp".
-  IDP_LDAP_BIND_PASSWORD=
-  # Storage LDAP bind password. Must be changed in order to have a secure oCIS. Defaults to "reva".
-  STORAGE_LDAP_BIND_PASSWORD=
-  # JWT secret which is used for the storage provider. Must be changed in order to have a secure oCIS. Defaults to "Pive-Fumkiu4"
-  OCIS_JWT_SECRET=
-  # JWT secret which is used for uploads to create transfer tokens. Must be changed in order to have a secure oCIS. Defaults to "replace-me-with-a-transfer-secret"
-  STORAGE_TRANSFER_SECRET=
-  # Machine auth api key secret. Must be changed in order to have a secure oCIS. Defaults to "change-me-please"
-  OCIS_MACHINE_AUTH_API_KEY=
 
   ### Keycloak ###
   # Domain of Keycloak, where you can find the management and authentication frontend. Defaults to "keycloak.owncloud.test"